a账号登陆,a账号退出,b账号登陆,发现取到的uid是a的,为什么?
@POST
@At("/images")
@AdaptBy(type=WhaleAdaptor.class)
@Filters(@By(type=AccessTokenFilter.class))
public Object images(@Param("Filedata")TempFile tmp) throws Exception {
int userId = Toolkit.uid();
return yvrService.upload(tmp, userId);
}
SecurityUtils.getSubject().logout();
int uid = Toolkit.uid();
if(uid <= 0){
return ServiceUtil.success("退出成功");
}
String temp = u_sessionId+uid;
Set<String> smembers = jedis().smembers(temp);
if(smembers != null){
ArrayList<String> arr = new ArrayList<>();
for (String sessionId : smembers) {
if(sessionId == null){
continue;
}
Subject subject = new Subject.Builder().sessionId(sessionId).buildSubject();
arr.add(sessionId);
if (subject == null){
continue;
}
subject.logout();
}
// 移除关联
for (String sessionId : arr) {
jedis().srem(temp, sessionId);
}
}
package net.wendal.nutzbook.mvc;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.nutz.integration.shiro.SimpleShiroToken;
import org.nutz.lang.Lang;
import org.nutz.lang.Strings;
import org.nutz.lang.util.NutMap;
import org.nutz.log.Log;
import org.nutz.log.Logs;
import org.nutz.mvc.ActionContext;
import org.nutz.mvc.ActionFilter;
import org.nutz.mvc.impl.processor.AbstractProcessor;
import org.nutz.mvc.view.UTF8JsonView;
import org.nutz.mvc.view.ViewWrapper;
import com.sun.org.apache.xml.internal.resolver.helpers.Debug;
import net.wendal.nutzbook.module.BaseModule;
import net.wendal.nutzbook.service.yvr.YvrService;
/**
* 通过请求参数中的accesstoken进行授权
* @author wendal
*
*/
public class AccessTokenFilter extends AbstractProcessor implements ActionFilter {
private static final Log log = Logs.get();
YvrService yvrService;
public ViewWrapper match(ActionContext ac) {
if (yvrService == null)
yvrService = ac.getIoc().get(YvrService.class);
HttpServletRequest req = ac.getRequest();
String at = req.getParameter("accesstoken");
NutMap re = new NutMap().setv("ok", 0);
String loginname = req.getParameter("Api-Loginname");
String nonce = req.getParameter("Api-Nonce");
String key = req.getParameter("Api-Key");
String time = req.getParameter("Api-Time");
log.debug("-accesstoken--"+at+"--loginname--"+loginname+"--nonce--"+nonce+"--key--"+key+"--time--"+time);
if (req.getParameter("Api-Version") != null) {
log.debug("api version = " + req.getParameter("Api-Version"));
if (Strings.isBlank(loginname) || Strings.isBlank(nonce) || Strings.isBlank(key) || Strings.isBlank(time)) {
return new ViewWrapper(new UTF8JsonView(),re.setv("msg", "没有登陆1"));
}
if (!yvrService.checkNonce(nonce, time)){
return new ViewWrapper(new UTF8JsonView(),re.setv("msg", "没有登陆2"));
}
at = yvrService.accessToken(loginname);
if (Strings.isBlank(at)) {
log.info("AccessTokenFilter|match|loginname="+loginname);
return new ViewWrapper(new UTF8JsonView(),re.setv("msg", "没有登陆3").setv("loginname", loginname));
}
String tmp = Strings.join(",", at, loginname, nonce, time);
String _key = Lang.sha1(tmp);
log.debug("tmp="+tmp);
log.debug("_key=" + _key);
log.debug(" key=" + key);
if (!_key.equals(key)) {
return new ViewWrapper(new UTF8JsonView(),re.
setv("msg", "没有登陆4").setv("_key", _key).setv("key", key));
}
log.debug("api access token check ok");
}
else if (Strings.isBlank(at)) { // TODO 移除这种兼容性,改成必须用nonce加密
return new ViewWrapper(new UTF8JsonView(),re.setv("msg", "没有登陆5"));
}
int uid = yvrService.getUserByAccessToken(at);
log.debug("-----------uid--"+uid);
if (uid < 1) {
return new ViewWrapper(new UTF8JsonView(),re.setv("msg", "没有登陆6"));
}
SecurityUtils.getSubject().getSession().setAttribute("me", uid);
return null;
}
public void process(ActionContext ac) throws Throwable {
Subject subject = SecurityUtils.getSubject();
Integer uid = (Integer) subject.getSession().getAttribute("me");
if (!subject.isAuthenticated())
subject.login(new SimpleShiroToken(uid));
doNext(ac);
if (!subject.isAuthenticated())
subject.logout();
}
}
SecurityUtils.getSubject().getSession().setAttribute("me", uid);可以取这个值来确定当前是哪个用户吗,我在入口函数中,get me时,获得的当前用户uid是对的
@wendal
if (!subject.isAuthenticated())
subject.login(new SimpleShiroToken(uid));
没有走到登陆里面去,在哪里授权可以登陆的?
@wendal
改成这样试试
public void process(ActionContext ac) throws Throwable {
Subject subject = SecurityUtils.getSubject();
Integer uid = (Integer) subject.getSession().getAttribute("me");
if (!subject.isAuthenticated())
subject.login(new SimpleShiroToken(uid));
doNext(ac);
subject.logout();
}
结果一样,没变化。。。
// public void process(ActionContext ac) throws Throwable {
// Subject subject = SecurityUtils.getSubject();
// Integer uid = (Integer) subject.getSession().getAttribute("me");
// log.debug("---AccessTokenFilter---process-----uid--"+uid);
// if (!subject.isAuthenticated())
// subject.login(new SimpleShiroToken(uid));
// doNext(ac);
// log.debug("-aa--AccessTokenFilter---process-----uid--"+uid);
// if (!subject.isAuthenticated())
// subject.logout();
// }
// public void process(ActionContext ac) throws Throwable {
// Subject subject = SecurityUtils.getSubject();
// Integer uid = (Integer) subject.getSession().getAttribute("me");
// log.debug("---AccessTokenFilter---process-----uid--"+uid);
// if (!subject.isAuthenticated())
// subject.login(new SimpleShiroToken(uid));
// doNext(ac);
// log.debug("-aa--AccessTokenFilter---process-----uid--"+uid);
// if (!subject.isAuthenticated())
// subject.logout();
// }
public void process(ActionContext ac) throws Throwable {
Subject subject = SecurityUtils.getSubject();
Integer uid = (Integer) subject.getSession().getAttribute("me");
if (!subject.isAuthenticated())
subject.login(new SimpleShiroToken(uid));
doNext(ac);
subject.logout();
}
这样试试
public void process(ActionContext ac) throws Throwable {
Subject subject = SecurityUtils.getSubject();
Long uid = (Long) subject.getSession().getAttribute("me");
if (subject.isAuthenticated())
subject.logout(); // 强制登出
subject.login(new SimpleShiroToken(uid)); // 登入
doNext(ac);
subject.logout(); // 登出
}